Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
GitHub PoC★ 7
anyanything/CVE-2026-8461-PoC
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISK
open ↗GitHub PoC★ 1
CVE-2026-11837: local privilege escalation in the ansible.posix authorized_key module via symlink-following chown. Technical writeup; sibling of CVE-2024-9902.
Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
41RISK
open ↗VulnCheck XDB
initial-access
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗VulnCheck XDB
local
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open ↗GitHub PoC
Fuzzing the Microsoft Windows DNS client library. Inspired by CVE-2026-41096.
Windows DNS Client Remote Code Execution Vulnerability
48RISK
open ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC
CVE-2026-4020 - Draft
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RISK
open ↗GitHub PoC★ 2
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 13
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC★ 1
sec0x/CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 1
Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗VulnCheck XDB
initial-access
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC
GNN-based supply chain backdoor detector for Python packages. Uses Code Property Graphs + 3-layer GCN to detect obfuscated backdoors by learning semantic data flow patterns — not just signatures. Inspired by XZ Utils (CVE-2024-3094).
Xz: malicious code in distributed source
70RISK
open ↗GitHub PoC
POC for CVE-2026-23744 for a python revshell
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
Chaelsoo/CVE-2022-23131-Wrappers
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISK
open ↗GitHub PoC★ 1
El exploit para obtener root usado la vulnerabilidad del CVE-2021-4034 o tambien llamado PwnKit el cual permite teniendo un shell hacer una escalada de privilegios siempre y cuando la version de pkexec sea = o < que la v0.105
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC★ 5
Unauthenticated PHP Object Injection to RCE in WP Activity Log <= 5.6.3.1 (CVE-2026-54806)
WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
48RISK
open ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Vulnerability proof of concept reworked from https://github.com/utmost3/cve/issues/2 I take no credit for discovering the vulnerability. This is for educational and portfolio purposes only.
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
41RISK
open ↗GitHub PoC
Detection & remediation toolkit for the Miasma / Shai-Hulud worm and CVE-2026-35603 (AI-agent/IDE config injection)
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
33RISK
open ↗GitHub PoC★ 2
Technical analysis of CVE-2026-46300 (Fragnesia), a Linux kernel page-cache write vulnerability that enables local privilege escalation through SKBFL_SHARED_FRAG invariant violations in the networking stack.
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC
drolley919/joomla-cve-2015-8562-exploit-and-linux-forensic-analysis
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RISK
open ↗GitHub PoC★ 2
CVE-2026-49772 — The Events Calendar (WordPress) unauthenticated blind SQLi PoC
WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
48RISK
open ↗VulnCheck XDB
initial-access
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISK
open ↗GitHub PoC
CVE-2026-39031 — offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory.
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt crede
33RISK
open ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.